<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Configuring Kibana | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'oidc-kibana.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/oidc-kibana.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/oidc-kibana.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/oidc-kibana.html" rel="nofollow" target="_blank">../en/oidc-kibana.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="oidc-guide.html">Configuring single sign-on to the Elastic Stack using OpenID Connect</a></span>
»
<span class="breadcrumb-node">Configuring Kibana</span>
</div>
<div class="navheader">
<span class="prev">
<a href="oidc-user-metadata.html">« User metadata</a>
</span>
<span class="next">
<a href="oidc-without-kibana.html">OpenID Connect without Kibana »</a>
</span>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="oidc-kibana"></a>Configuring Kibana<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/oidc-guide.asciidoc">edit</a>
</h2>
</div></div></div>
<p>OpenID Connect authentication in Kibana requires a small number of additional settings
in addition to the standard Kibana security configuration. The
<a href="https://www.elastic.co/guide/en/kibana/7.7/using-kibana-with-security.html" class="ulink" target="_top">Kibana security documentation</a>
provides details on the available configuration options that you can apply.</p>
<p>In particular, since your Elasticsearch nodes have been configured to use TLS on the HTTP
interface, you must configure Kibana to use a <code class="literal">https</code> URL to connect to Elasticsearch, and
you may need to configure <code class="literal">elasticsearch.ssl.certificateAuthorities</code> to trust
the certificates that Elasticsearch has been configured to use.</p>
<p>OpenID Connect authentication in Kibana is also subject to the
<code class="literal">xpack.security.sessionTimeout</code> setting that is described in the Kibana security
documentation, and you may wish to adjust this timeout to meet your local needs.</p>
<p>The three additional settings that are required for OpenID Connect support are shown below:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.security.authc.providers:
  oidc.oidc1:
    order: 0
    realm: "oidc1"</pre>
</div>
<p>The configuration values used in the example above are:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">xpack.security.authc.providers</code>
</span>
</dt>
<dd>
Add <code class="literal">oidc</code> provider to instruct Kibana to use OpenID Connect single sign-on as the
authentication method. This instructs Kibana to attempt to initiate an SSO flow
everytime a user attempts to access a URL in Kibana, if the user is not already
authenticated. If you also want to allow users to login with a username and password,
you must enable the <code class="literal">basic</code> authentication provider too. For example:
</dd>
</dl>
</div>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.security.authc.providers:
  oidc.oidc1:
    order: 0
    realm: "oidc1"
  basic.basic1:
    order: 1</pre>
</div>
<p>This will allow users that haven’t already authenticated with OpenID Connect to
log in using the Kibana login form.</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">xpack.security.authc.providers.oidc.&lt;provider-name&gt;.realm</code>
</span>
</dt>
<dd>
The name of the OpenID Connect realm in Elasticsearch that should handle authentication
for this Kibana instance.
</dd>
</dl>
</div>
</div>
<div class="navfooter">
<span class="prev">
<a href="oidc-user-metadata.html">« User metadata</a>
</span>
<span class="next">
<a href="oidc-without-kibana.html">OpenID Connect without Kibana »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>